Takeaways from RSA 2024

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference.

AI is everywhere

It shouldn’t be a surprise, but AI was everywhere at RSA 2024. From securing Gen-AI capabilities and weaponized Gen-AI to leveraging AI-powered cybersecurity tools for pentesting, detection and response, AI was ever-present on the show floor and in the sessions. However, there was no consensus yet regarding the net impact of AI on analysts and defenders. AI in everything was overwhelming and distracted from the true value of AI/LLMs, which only a few vendors were able to demonstrate. Some vendors at RSA 2024 stoked fear about how attacks will evolve with AI, while most promoted the potential positive impact of AI-powered tools.

Although AI will be prevalent in the cybersecurity industry, security leaders need to understand specifically how AI can help secure their infrastructure and improve SOC efficiency.

Corelight believes that defenders can leverage AI-powered tools to analyze complex data sets and accelerate triage through AI-assisted SOC workflow improvements. Learn more about how Corelight uses AI here.

Consolidation will continue

Industry leaders continue to promote their acquisitions and innovations, such as eBPF from Cisco, NG-SIEM from CrowdStrike, and new threat intel offerings from Google. At the same time, as security functionality becomes standardized, consolidation of security capabilities is imminent. On average there are 50-75 tools in the SOC, which, together with the skills gap, continue to challenge SOCs in terms of visibility and coverage. However, as attacks and attack surfaces continue to evolve, opportunities arise for new solutions that solve specific security challenges.

For security leaders, understanding the risk across the infrastructure is critical to deploying the right solutions to secure the enterprise. A firewall may be appropriate for an enterprise private cloud whereas a cloud firewall may be sufficient for branch offices.

However, any new technology adoption needs to work seamlessly with existing infrastructure. Re-tooling and re-training the team is not a security strategy for most security leaders.

Corelight’s customers have leveraged network evidence seamlessly with existing infrastructure including EDRs, SIEMs, multi-cloud infrastructure, threat intel and vulnerability management tools. Learn more about Corelight’s Open NDR ecosystem and partnerships to see how Open NDR can drive more value for your existing security investments.

Need for NDR is gaining widespread acceptance

In recent years, Network Detection and Response (NDR) has evolved as a solution for analyzing network traffic, surpassing traditional Network Traffic Analysis (NTA) systems. Unlike older NTA systems that only set baselines for traffic, NDR systems employ a combination of signature-based, behavioral, and machine learning methodologies to scrutinize network data for signs of anomalous activities. Moreover, NDR solutions equip analysts with capabilities to react to security incidents, offering either built-in response mechanisms or compatibility with external security tools.

As workloads move to the edge and the cloud, it is becoming increasingly difficult to get the ground truth with a SOC architecture based only on posture management, EDR and SIEM. Agent-based approaches cannot determine the extent of an attack (its blast radius) or control traffic that masquerades as legitimate network traffic. Organizations looking for better context and understanding of new threat vectors are realizing the need for quality data from NDR.

In recent research by Enterprise Strategy Group, nearly half (45%) of security operations leaders believe that increased workload is their biggest threat detection and response challenge, while nearly 70% of leaders believe that the right NDR can help improve SOC analyst efficiency. Read the study about how Open NDR can help.

If you’d like to learn more, reach out. We’d love to talk to you.